The Health Insurance Portability and Accountability Act (HIPAA) was created to make the healthcare delivery system more cost effective and efficient. The main component of HIPAA revolves around the standardization of electronic patient information, which includes the transmission of electronic bills and claims information. The new electronic format allows for an increased potential for medical records abuse or fraud. Therefore, a key part of HIPAA was to increase and standardize the confidentiality and security of patient healthcare data.
The Health Information Technology for Economic and Clinical Health Act (HITECH) made important changes to HIPAA, particularly with regard to "Improved Privacy Provisions and Security Provisions."
Any entity that handles, maintains, stores, or exchanges private healthcare or patient-related information, regardless of size, must fully comply with these privacy regulations. Entities found to be HIPAA non-compliant will face:
√Costly penalties from the government (State and Federal)
√Hefty Fines
√Sole Liability
√Criminal Offense
√Loss of Patient Confidence
√Data Breach Notification
√Increased Compliance Audits
If your organization is unsure whether or not it is compliant with all of these privacy regulations, let Turner and Associates provide our expert guidance with our HIPAA / HITECH audit.
Turner and Associates will combine the COBIT and COSO frameworks to provide detailed testing of your organization's controls environment.
Just a few mandatory key areas we specifically test during our HIPAA / HITECH audit:
Administrative Safeguards:
√Security Management Process
√Assigned Security Responsibility
√Workforce Security
√Information Access Management
√Security Awareness and Training
√Security Incident Procedures
√Contingency Plan
√Evaluation
√Business Associate Contracts and other Arrangements
Physical Safeguards:
√Facility Access Controls
√Workstation Use
√Workstation Security
√Device and Media Controls
Technical Safeguards:
√Access Controls
√Audit Controls
√Integrity
√Person or Entity Authentication
√Transmission Security
Thereafter, where gaps are identified, Turner and Associates' experts will recommend practical, cost-effective solutions to ensure your organization meets compliance with all of the privacy regulations mandated by HIPAA / HITECH.